How does browser know what Certificate to provide for Client Cert Authentication

Ever wonder how the browser provided the client cert when multiple are available for the user? The answer is the server that is requesting the client cert for authentication has an option to ask for the cert that is signed by a specific Distinguished Name CA, which is part of the server communication. You can …

Automate Citrix Session Launch for Load tests or health probing

Requirements Citrix Workspace app Version 1808 for Windows or later. Storefront Store needs to have http auth module enabled. Step 1: Retrieve Resource Name of the app/desktop you would like to automate “C:\Program Files (x86)\Citrix\ICA Client\AuthManager\storebrowse.exe” -U <username> -P <password> -D <domain> -M 0x2000 -E “https://<storefrontserver>/Citrix/<storename>/discovery” First column of the output would have the resource …

Citrix ADC Load Balance Config for CyberArk PSM

At the time of this post, CyberArk does not have documentation on load balancing Privileged Session Management (PSM) traffic for Citrix ADC, though they provide an example config for F5, it doesn’t translate to Citrix. Hopefully, this would help someone that is trying to do this for ADC. Couple of things to call out, the …

Sign Scripts/EXE’s with Powershell

Note: codesign cert needs to exist under the user’s personal store. TimestampServer is recommended as the script signing would still be honored even the cert that used for signing expires in the future, timestamp server from DigiCert is used as an example, any popular public timestamp server will do.

Migrating Bookmarks/Favorites from IE11 to Microsoft Edge Chromium

The New Microsoft Edge does not support folder redirection for Favorites/Bookmarks, the AutoImportAtFirstRun policy could do a one-time import of the current IE bookmarks silently on the first launch but the challenge is to keep them in sync across various devices when users roam. Automatically import another browser’s data and settings at first run SOFTWARE\Policies\Microsoft\Edge\AutoImportAtFirstRun …

Add Disclaimer to Citrix ADC RfWebUI theme easily.

RfWebUI in ADC is a mobile-friendly theme, adapts fluidly to different screen layouts, and supports Citrix Receiver Extension APIs making customizing a lot easier. Moreover this is a supported approach from Citrix based on their nfactor extensibility framework. The two files we are interested in adding a disclaimer to the login page are scripts.js and …